コード例 #1
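        /// <summary>
        /// Remote-certificate validation callback: decides whether the certificate the
        /// server presented during the TLS handshake is acceptable to this client.
        /// </summary>
        /// <remarks>
        /// A certificate that the platform validated without errors is accepted.
        /// Otherwise the reported errors are logged and each one is checked:
        /// a missing certificate is always rejected; a name mismatch is tolerated only
        /// if the subject contains <c>CN=</c> followed by the stored
        /// <c>Certificate.Name</c>; chain errors are tolerated only if the certificate
        /// hash equals the stored <c>Certificate.Hash</c>.
        /// An empty stored name or hash disables the corresponding check.
        /// </remarks>
        /// <param name="sender">Object that raised the callback; not used.</param>
        /// <param name="certificate">Certificate presented by the remote server.</param>
        /// <param name="chain">Chain built for the certificate; not used.</param>
        /// <param name="sslPolicyErrors">Errors found by the platform's own validation.</param>
        /// <returns><c>true</c> to continue the handshake, <c>false</c> to abort it.</returns>
        private bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            if (sslPolicyErrors == SslPolicyErrors.None)
            {
                // Platform validation succeeded; additional checks could be added here.
                return true;
            }

            // The original built this message but never wrote it anywhere.
            Console.WriteLine("SSL certificate error: " + sslPolicyErrors);

            // Fail closed when there is nothing to validate. Previously this case fell
            // through to the final "return true", accepting an unauthenticated server.
            if (certificate == null
                || (sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            {
                Console.WriteLine("SSL certificate not available. Rejecting ...");
                return false;
            }

            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) != 0)
            {
                // A name mismatch is tolerated only when the subject carries the stored name.
                // Ordinal, case-insensitive comparison avoids culture-dependent ToUpper().
                //
                // NOTE(review): an empty Certificate.Name skips this check entirely, so any
                // name-mismatched certificate is accepted in that configuration.
                // NOTE(review): this is a substring match on the subject string, so a longer
                // CN that merely starts with the stored name also passes; comparing the
                // exact CN value would be stricter - confirm no caller relies on prefixes.
                string expectedCommonName = "CN=" + Certificate.Name;

                if (Certificate.Name.Length != 0
                    && certificate.Subject.IndexOf(expectedCommonName, StringComparison.OrdinalIgnoreCase) < 0)
                {
                    Console.WriteLine("SSL certificate name " + certificate.Subject + " unexpected with given certificate " + Certificate.Name + ". Rejecting ...");
                    return false;
                }
            }

            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            {
                // An untrusted chain is tolerated only when the certificate is pinned:
                // its hash must equal the stored hash (case-insensitive hex comparison).
                // A hash that cannot be computed is rejected when a pin is configured;
                // the original accepted it.
                //
                // NOTE(review): an empty Certificate.Hash disables pinning, so any
                // certificate with chain errors (self-signed, expired, untrusted root)
                // is accepted in that configuration.
                // NOTE(review): the parameterless GetCertHashString() yields the SHA-1
                // thumbprint; consider pinning a SHA-256 hash where the target
                // framework offers the HashAlgorithmName overload.
                string actualHash = certificate.GetCertHashString();

                if (Certificate.Hash.Length != 0
                    && !string.Equals(actualHash, Certificate.Hash, StringComparison.OrdinalIgnoreCase))
                {
                    Console.WriteLine("SSL certificate hash " + actualHash + " unexpected with given hash " + Certificate.Hash + ". Rejecting ...");
                    return false;
                }
            }

            // Every reported error was matched against a stored name or hash, or that check was disabled.
            return true;
        }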